splk-1002 question 170 discussion

View all Splunk Core Certified Power User Exam here
back to splunk forum

Question 170

Consider the following search:
Index=web sourcetype=access_combined
The log shows several events that share the same JSESSIONID value (SD404K289O2F151). View the
events as a group. From the following list, which search groups events by JSESSIONID?

  • A. index=web sourcetype=access_combined SD404K289O2F151 I table JSESSIONID
  • B. index=web sourcetype=access_combined JSESSIONID <SD404K289O2F151>
  • C. index=web sourcetype=access_combined I highlight JSESSIONID I search SD404K289O2F151
  • D. index-web sourcetype=access_combined I transaction JSESSIONID I search SD404K289O2F151
Answer:

B

User Votes:
A
50%
B
50%
C
50%
D 2 votes
50%
Discussions
0 / 1000
giovanni.zago
1 month, 1 week ago

D it's the only with a grouping function (transaction)

0